The FBI found the signal for the events that led up to 9/11, once they knew
what to look for. It was there in their files and reports. Remember this.
It is one of the most basic problems in security. The crux of this problem
is separating signal from noise.

In the aftermath of 9/11 the cry went out to increase the FBI's information
input. Legislation was passed. Policies were put in place that now give
the FBI unprecedented (in the United States) powers of surveillance. But the
effect that this has is to exacerbate their difficulties in detecting signal.

Increasing the input without addressing the signal detection issue properly
amounts to a denial of service attack. As some uncovered FBI memos
indicate, some agents 'sensed' an alarm situation. Yet, in the normal
day-to-day operations at the FBI, these memos were lost in the normal traffic,
i.e. "noise". In other words, the sensitivity of the system was set too
high for its ability to properly process the data flow.

The stance taken by the British banks was that ATM machines are totally
secure. The effect of this is that it put all blame for any error on the
customer. Digital signatures are an attempt by some to shift the burden
to the customer.

The Trusted Computing Platform Alliance (TCPA) proposes that a platform
be developed that is "trusted". The owner of this platform is implicitly
NOT trusted. In any legal proceeding where evidence is obtained from a
computer, the owner is guilty without question because the computer is
"trusted". Just as the British ATM machines were trusted, so it must be
the user who is guilty.

RJA spends a good deal of time on security models. These are used for
design and analysis. An attack on a system is aimed at the cracks between
the assumptions made in the construction of the model. Or more often at
cracks in the implementation of the design.

A strategy of layering defense upon defense is generally a very expensive
tactic that is very unlikely to work. In exercise after exercise, Anderson
goes through the litany: what is being defended, from whom, what resources
do they have, what is their goal. In one chapter he discusses seven
hypothetical cases of "How to steal a painting". Each one details a different
threat model.

In the late 80s and early 90s, manufacturers started making some cars that
were highly desirable to thieves difficult to 'hot wire'. So we saw a huge
increase in a new form of auto theft, carjacking. That is, the thieves broke
the security model by resorting to unanticipated methods.

In conclusion, this is an end to end overview of security system design from
the engineer's perspective. It is a book that anyone responsible for
security wishes everyone would read, especially pointy_haired_bosses. The
reason is simple. Then we won't be forced to deal with the latest high-tech
security snake oil as the PHB will be able to poke holes in the marketing
hype by themselves. It would also put an end to the effectiveness of FUD
regarding 'electronic pearl harbor', 'cyber terrorist attack', and other
such ploys to exert political power over a technical field.